I think there is a bug in kmod.c: In __call_usermodehelper(), when
kernel_thread(wait_for_helper, ...) return success, since
wait_for_helper() might call complete() at any time, the sub_info should
not be used any more.
Normally wait_for_helper() take a long time to finish, you may not get
problem for most of the case. But if you remove /sbin/modprobe, it may
become easier for you to get a oop in khelper.
the following patch is made in 2.6.17.7
--- linux-2.6.17.7/kernel/kmod.c.orig 2006-08-02 22:13:21.805902750
+0800
+++ linux-2.6.17.7/kernel/kmod.c 2006-08-02 22:15:36.946348500
+0800
@@ -198,6 +198,7 @@ static void __call_usermodehelper(void *
{
struct subprocess_info *sub_info = data;
pid_t pid;
+ int wait = sub_info->wait;
/* CLONE_VFORK: wait until the usermode helper has execve'd
* successfully We need the data structures to stay around
@@ -212,7 +213,7 @@ static void __call_usermodehelper(void *
if (pid < 0) {
sub_info->retval = pid;
complete(sub_info->complete);
- } else if (!sub_info->wait)
+ } else if (!wait)
complete(sub_info->complete);
}
--
Mr. Rusty Russell's mail server reject my mail. Anybody can tell me
where I should deliver the patch?
On Wed, Aug 02, 2006 at 10:30:46PM +0800, Kenneth Lee wrote:
> Subject: [Patch] kernel: bug fixing for kernel/kmod.c
>
> I think there is a bug in kmod.c: In __call_usermodehelper(), when
> kernel_thread(wait_for_helper, ...) return success, since
> wait_for_helper() might call complete() at any time, the sub_info should
> not be used any more.
>
> Normally wait_for_helper() take a long time to finish, you may not get
> problem for most of the case. But if you remove /sbin/modprobe, it may
> become easier for you to get a oop in khelper.
>
> the following patch is made in 2.6.17.7
>
> --- linux-2.6.17.7/kernel/kmod.c.orig 2006-08-02 22:13:21.805902750
> +0800
> +++ linux-2.6.17.7/kernel/kmod.c 2006-08-02 22:15:36.946348500
> +0800
> @@ -198,6 +198,7 @@ static void __call_usermodehelper(void *
> {
> struct subprocess_info *sub_info = data;
> pid_t pid;
> + int wait = sub_info->wait;
>
> /* CLONE_VFORK: wait until the usermode helper has execve'd
> * successfully We need the data structures to stay around
> @@ -212,7 +213,7 @@ static void __call_usermodehelper(void *
> if (pid < 0) {
> sub_info->retval = pid;
> complete(sub_info->complete);
> - } else if (!sub_info->wait)
> + } else if (!wait)
> complete(sub_info->complete);
> }
>
> --
--
On Wed, 2006-08-02 at 22:30 +0800, Kenneth Lee wrote:
> I think there is a bug in kmod.c: In __call_usermodehelper(), when
> kernel_thread(wait_for_helper, ...) return success, since
> wait_for_helper() might call complete() at any time, the sub_info should
> not be used any more.
>
> Normally wait_for_helper() take a long time to finish, you may not get
> problem for most of the case. But if you remove /sbin/modprobe, it may
> become easier for you to get a oop in khelper.
>
> the following patch is made in 2.6.17.7
>
> --- linux-2.6.17.7/kernel/kmod.c.orig 2006-08-02 22:13:21.805902750
> +0800
> +++ linux-2.6.17.7/kernel/kmod.c 2006-08-02 22:15:36.946348500
> +0800
> @@ -198,6 +198,7 @@ static void __call_usermodehelper(void *
> {
> struct subprocess_info *sub_info = data;
> pid_t pid;
> + int wait = sub_info->wait;
>
> /* CLONE_VFORK: wait until the usermode helper has execve'd
> * successfully We need the data structures to stay around
> @@ -212,7 +213,7 @@ static void __call_usermodehelper(void *
> if (pid < 0) {
> sub_info->retval = pid;
> complete(sub_info->complete);
> - } else if (!sub_info->wait)
> + } else if (!wait)
> complete(sub_info->complete);
> }
>
Looks like a correct fix for the race to me. I think you'd make the code
slightly easier to read by replacing the initial test too:
if (sub_info->wait)
pid = kernel_thread(...
with:
if (wait)
pid = kernel_thread(...
Cheers,
-Matt Helsley